Identity and Access Management Hindered by Lack of Organizational Alignment as Workforce Identities Pose Increasing Risk

New Survey Sponsored by Identity Defined Security Alliance Explores How Identity Is Addressed by Enterprise IT Security Teams, Finding Only Half Have Any Level of Workforce IAM Ownership

December 10, 2019 08:00 ET | Source: Identity Defined Security Alliance

DENVER, Dec. 10, 2019 (GLOBE NEWSWIRE) — The Identity Defined Security Alliance (IDSA), an industry alliance that helps organizations leverage existing cybersecurity investments to establish a stronger security posture, today released a study on Identity and Access Management (IAM) trends. “The State of Identity: How Security Teams Are Addressing Risk,” is based on an online survey of over 511 IT security decision makers. The report highlights explosive workforce identity growth and organizational disconnects which are creating risk.

“With the majority of today’s breaches tied to compromised credentials and the number of credentials skyrocketing, IAM is a critical and complex issue that spans many organizational teams, requiring a strategy around people, processes and technology,” said Julie Smith, executive director of the IDSA. “The findings highlight that addressing identity security through integrated technologies is only one piece of the puzzle. Without collaboration amongst all stakeholders and a clear understanding of responsibilities and handoff points, identity incurs greater risk.”

This research shows that the majority of companies have experienced a five-fold increase in the number of workforce identities, which are being driven primarily by mobile and cloud technology. Encouragingly, one-hundred percent of IT security stakeholders report that a lack of strong IAM practices introduces security risk. Security leadership also cares “much more” about IAM now than ever before, with importance anticipated to continue to increase over the next five years. Despite growth, and an apparent understanding of risk, only half of IT security professionals state that the security team has any level of ownership for workforce IAM. What’s more, less than one in four IT security professionals say their teams have “excellent” awareness of their company’s identity strategy.

“As businesses embrace new technologies and expand their workforce, the reality of managing identities is seemingly growing more complex by the day. Awareness of the impact IAM has on security posture has grown as well, as an increasing number of data breaches are tied to stolen identities,” said James Carder, CISO and vice president of LogRhythm Labs. “However, as the data shows, IAM efforts face several organizational challenges as companies grapple with who should take the lead. With the number of identities growing, organizations of all sizes should examine how identity management fits into their security strategy, and eliminate any silos between teams that increase risk or slow the pace of the digital transformation of the business.”

Key Findings

  •  Modern technologies are driving explosive growth of identities

  • 52% say that identities have grown more than five-fold in the past 10 years
  • The increase in identities is driven primarily by technology changes, such as mobile devices (76%)
  • Other identity growth factors include a mix of more employees (57%), connected employees (66%), enterprise connected devices (60%), and cloud applications (59%)

  •  Identities are increasingly important to corporate security

  • 100% report a lack of strong IAM practices introduces security risk
  • 92% say security leadership cares more about identity management now than in the past
  • Security teams are worried about a range of potential identity-related security incidents, including phishing (83%), social engineering (70%), compromised privileged identities (64%), and more

  •  Identity security efforts lack alignment

  • While security is involved in IAM activities (99%), only 24% say their security team has “excellent” awareness of IAM
  • A wide range of organizational issues prevent security from engaging with workforce IAM, including lack of alignment of goals (33%), reporting structure (30%), history of security not being involved (30%), and resistance from existing teams (24%)
  • Budget ownership issues (40%) are cited as the top reason for not spending more on workforce IAM

  •  Incomplete security ownership for identities has consequences

  • Only half (53%) report that security has any level of ownership for workforce IAM
  • When security teams have ownership of IAM they have better understanding of identities, are more likely to view IAM leadership as a career opportunity, and face fewer barriers to IAM involvement

The IDSA brings identity and security vendors, solution providers and practitioners together to collaborate on approaches for bringing identity and security technologies together. However, the results of this survey have uncovered additional disconnects that introduce organizational barriers, highlighting that successful identity programs rely not just on technology, but also on people and process. The IDSA is committed to providing holistic guidance for organizations to achieve a stronger security posture through identity.

To download the report, visit For more information and resources offered by the IDSA, visit

Survey Methodology
Dimensional Research conducted an independent online survey of IT security professionals in the United States. A total of 511 qualified participants completed the survey. All had responsibility for IT security decision making at a company with more than 1,000 employees. Participants included a mix of roles, company sizes, and vertical industries.

About Dimensional Research
Dimensional Research® provides practical market research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT. We understand how technology organizations operate to meet the needs of their business stakeholders. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information, visit

About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of thought leadership, expertise and practical guidance on identity centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices and resources.

Follow the IDSA
Join the Community:

Industry Contact:
Identity Defined Security Alliance
Julie Smith, 303-324-3159

Related Articles

2020: A Year Like No Other


Let's work together to help everyone become more secure.